Match-on-Card

How It Works

The biometric comparison happens entirely on the card. Biometric data never leaves the physical credential at any stage.

Enroll

Biometric capture

→

Extract

Biometric template

→

Store

On-card secure memory

→

Present

Live biometric

→

Match on card

On-chip comparison

→

Decision

Accept / Reject

Privacy by design: biometric data is enrolled, stored and matched exclusively on the card. No raw image, no template, no score ever transits the network or reaches a server.

Trusted by industry leaders

id3 algorithms inside the silicon of global market leaders

Our match-on-card algorithms are integrated by major semiconductor vendors and identity integrators.

NXP

Semiconductors

Dutch semiconductor manufacturer, a global supplier of secure connectivity and secure-identity microcontrollers.

ST

STMicroelectronics

Franco-Italian semiconductor manufacturer; designs and produces microcontrollers including secure microcontroller families used in identity and payment cards.

infineon

Technologies

German semiconductor manufacturer; supplier of security chips for payment, identity and connected devices.

eviden

an Atos business

Atos business focused on digital, cloud, big data and cybersecurity, with offerings in digital identity and trust services.

All company names, logos and trademarks are property of their respective owners. Their inclusion reflects deployment of id3 Technologies algorithms on their platforms.

Common Criteria EAL6+

id3's Match-on-Card algorithms run inside NXP's JCOP ID 2 secure element, which holds Common Criteria certification at Evaluation Assurance Level 6 augmented (CC EAL6+). To reach this certification, id3 underwent NXP's rigorous evaluation process so that the face and fingerprint MoC embedded in the chip would meet EAL6+ assurance requirements alongside the platform and operating system. According to NXP's official factsheet, JCOP ID 2 is the first Match-on-Card to be CC EAL6+ certified.

Source — NXP JCOP ID 2 factsheet (PDF) ↗

Certification level

CC EAL6+

Standard

ISO/IEC 15408

Chip platform

NXP JCOP ID 2

Modalities

Face + Finger (MINEX III)

Application Domains

Match-on-Card is the architecture of choice wherever biometric data must remain under the exclusive control of the card holder.

National ID Programs

Government-issued identity cards with on-card biometric verification — citizen data stays on the card, not on a government server.

Border Control & ePassport

ICAO-compliant e-Gate authentication with on-card face or fingerprint matching against the travel document's secure chip.

Banking & Payment Cards

Biometric payment cards replacing PIN with a fingerprint — authentication happens on the card, transaction is approved in milliseconds.

Physical Access Control

Secure entry to buildings, data centers and restricted zones — no PIN, no backend lookup, just the card and the cardholder's biometric.

Defense & High-Security

Air-gapped environments where no network connectivity is available or permitted — EAL6+ meets the strictest government security requirements.

Healthcare Credentials

Medical staff access cards and patient e-health cards with biometric authentication — GDPR compliant with no central biometric database.

Why id3 Technologies

Highest Security Level

Embedded in NXP's JCOP ID 2 — the first chip with on-card biometric matching to reach Common Criteria EAL6+. id3's MoC algorithms were evaluated by NXP as part of this certification.

Ultra-Low Footprint

Under 10 kB of code and 2 kB of RAM — runs natively on Java Card and constrained secure elements without hardware modifications.

True Privacy by Design

No server, no database, no network required for authentication. GDPR compliance is architectural — not a policy layer on top of a central system.

Multi-Modal Support

Supports fingerprint, face and iris modalities on the same card framework — single SDK, flexible biometric policy per application.

Frequently Asked Questions

Everything you need to know about Match-on-Card technology.

01 What exactly is Match-on-Card technology?

Match-on-Card stores the biometric template directly in the card's secure memory and performs the comparison algorithm on the card's microcontroller. No biometric data — neither the template nor the live sample — ever leaves the physical card during authentication.

02 How secure is Match-on-Card?

id3's Match-on-Card algorithms are embedded in NXP's JCOP ID 2 secure element, which holds Common Criteria certification at EAL6+. id3 underwent NXP's evaluation process so that the face and fingerprint MoC running inside the chip meets EAL6+ assurance requirements alongside the platform and OS. According to NXP, JCOP ID 2 is the first chip with on-card biometric matching to be certified at this level.

03 What biometric modalities are supported?

Fingerprint is the primary modality, with face and iris recognition also supported. Multiple modalities can coexist on the same card, enabling flexible multi-factor authentication policies.

04 Can it integrate with existing smart card systems?

Yes. The SDK targets Java Card platforms and standard ISO 7816 interfaces, making it compatible with existing card management systems, readers and infrastructure without hardware modification.

05 Is it compliant with GDPR?

Yes. Because biometric data never leaves the card, there is no central processing of biometric data under GDPR Article 9 — the data controller obligation is minimized by design, not by policy.

06 What are the hardware requirements?

The SDK requires less than 10 kB of flash and less than 2 kB of RAM — compatible with most Java Card secure elements. No dedicated biometric processor or external sensor interface on the card is required.

Get started with our technologies.

Contact us to learn more about our biometric and security solutions and discover how it can transform your products and services. With id3 Technologies, step into a world where technology meets security, innovation, and reliability.

Contact us